[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[THREDDS #AVQ-822608]: info retrieved passing tomcat/thredds password protection



Ok, sorry to take so long to get back to you.
You may need to make some changes. 

Since this works for the web browser, I am guessing you have
already done most of this. so if I repeat things you already
have done, then compare and skip.

The following has worked for me.

1. Think about your URL patterns in web.xml. Can this be
   simplified? Note also that the url path element 'restrictedAccess'
   can be whatever you want as long as you are consistent.

2. Edit tomcat-users.xml to ensure that the following
   lines are included.You will need to repeat the <user...>
   entry for every user who can access the dataset(s).
   Also, the rolename can be anything you want as long as you
   are consistent: there is nothing magic about 'restrictedDatasetUser'.
    <role rolename="restrictedDatasetUser"/>
    <user username="..."
        password="..."
        roles="restrictedDatasetUser"/>

3.  In your web.xml, you have
      <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
      </user-data-constraint>
     This means you must access the datasets using https:
     If you want to allow http:, then change CONFIDENTIAL to NONE.

4.  Your web.xml also needs this:
      <security-role>
         <description>...</description>
         <role-name>restrictedDatasetUser</role-name>
      </security-role>

5. You need to add this to your catalog.xml, the exact form
   varies depending on if you are doing a dataset scan vs specifying
   a root.
      <datasetRoot path="restrictedAccess" location="..."/>
      <dataset name="..."
               ID="..."
               serviceName="all"
               urlPath="restrictedAccess/..."
               restrictAccess="restrictedDatasetUser"/>
   For a datasetscan, you will need something like this:
     <datasetScan name="..." ID="..." path="..." 
                  location="..."
                  restrictAccess="restrictedDatasetUser">
         ...
     </datasetScan>

=Dennis Heimbigner
  Unidata


Ticket Details
===================
Ticket ID: AVQ-822608
Department: Support THREDDS
Priority: Normal
Status: Closed


NOTE: All email exchanges with Unidata User Support are recorded in the Unidata inquiry tracking system and then made publicly available through the web. If you do not want to have your interactions made available in this way, you must let us know in each email you send to us.